Unrated severityNVD Advisory· Published Mar 7, 2019· Updated Sep 16, 2024

Apps Manager unverified SSL certs in Cloud Controller proxy

CVE-2019-3777

Description

Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's DNS record could intercept access tokens sent to the Cloud Controller, giving the attacker access to the user's resources in the Cloud Controller

Affected products

Cloudfoundry/Ops Managercpe-rescue
Range: 666
Pivotal/Pivotal Application Servicev5
Range: 2.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/107214mitrevdb-entryx_refsource_BID
pivotal.io/security/cve-2019-3777mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000